[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Search domains in our environment (Proposal)



seth vidal wrote:
On Wed, 2007-12-19 at 18:54 -0500, Anand Capur wrote:
        The reason for all of this is the firewall in place at the PHX
        colo. If
        that wasn't there we wouldn't need any of the games at all. We
could just have foo.fedoraproject.org be resolveable from anywhere
        and
        foo.vpn.fedoraproject.org just mean 'go over the vpn to get to
it'. seth 'big fan of simple networking' vidal
        -sv

+1, but do we still need the firewall for other things?

So the firewall is something that came with the space. It's red hat's
firewall and I don't think we have any choice for the hosts inside phx.

In general, I'm a much bigger fan of hosts-based firewalling and
clamping down on exposure paths that way than an edge firewall for a
network. In this case it would also make our setup a good bit simpler if
we didn't have the edge firewall at all.

Just so my stance on this is also public. In general I also agree that it is good to remove the PHX firewall from the mix. The biggest being IP space. (think about the builders and such). There's also a firewall there that we could re-implement ourselves. While long term I do want to re-think our interactions with PHX but I can't say for sure exactly what that will be. If, for example, we got funding to host all non-buildsystem stuff in our new German colo, many of these problems might go away.

I'd very much like to research the alternatives but for now I think the search domain method would suit us well.

   -Mike


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]